The latest Microsoft’s Threat and Data Research has revealed that though threats have been rising fast over the past two years, there has been low adoption of strong identity authentication, such as multifactor authentication and password less solutions.
According to the research report, only 22 per cent of Microsoft’s Cloud Identity Solution, Azure Active Directory users, had implemented strong identity authentication protection as of December 2021.
Highlighting username and password theft by hackers, the report said the average price for 1,000 stolen username password pairs is around $0.97, adding that securing 400 million username and password combinations in bulk will earn a cybercriminal around $150.
The report further said username and password theft are on the increase, especially in Africa where businesses are often more prone to cyber-attacks than companies anywhere else in the world. It cited another report, which ranked Nigeria third in Africa, experiencing 16.7 million cyber-attacks and South Africa ranked first with 32 million attacks, followed by Kenya at 28.3 million.
However, the consequences of a data breach are now front of mind for 64 percent of companies in the Middle East and Africa (MEA) according to current Microsoft-IDC research.
Microsoft said its latest Threat and Data Research report would help to push organisations in Nigeria to pay closer attention to digital identities, while confirming that user identities with an additional layer of security is a key priority over the next six to 18 months for 60 per cent of businesses in MEA.
The report also said in recognising the danger that comes with remote work and increased digitisation, another 75 percent of companies in MEA are actively investing in identity and access management.
Giving details on how to implement zero trust to reduce risk, Microsoft, in its report, advised organisations to prioritise implementing zero-trust practices like Multi-Factor Authetication (MFA) and passwordlessupgrades as part of a security baseline, adding that they can begin with privileged accounts to gain protection quickly, then expand from there.
The report, which explained how to prevent passwords falling into the wrong hands, said enabling MFA, remained an important weapon in fighting back.
According to the report, “By so doing, your organisation mitigates the risk of passwords falling into the wrong hands. You can take this a step further by eliminating passwords altogether and, at the same time, eliminating administrative privileges through passwordless MFA.
“Though passwords are a prime target for attacks, they’ve long been the most important layer of security for everything in our digital lives. People are expected to create complex and unique passwords, remember them, and change them frequently, but this is highly inconvenient, and nobody likes doing that. Ultimately, a passwordless future is a safer future.”
